STE WILLIAMS

iPad 2, iPhone 4S finally jail-broken

The Apple iPad 2 and iPhone 4S have finally fallen to jail-breakers.

The move allows the more adventurous to install any app of their choosing, not just those approved by Apple to appear on the App Store. For the technically minded the development opens up the possibility of examining the device’s filesystem or installing services such as a secure remote login server (sshd).

On the downside, jail-breaking comes with a number of risks including the potential to open devices to a greater threat of attack from hackers and malware.

The jailbreak works on an iPad 2 or an iPhone 4S running iOS 5.0.1.

Jail-breaking is legal in most territories (including the US), but going through the process would void warranties. Tools to carry out the modification were developed by hardware enthusiast group Green Poison. More details on the hack can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/ipad2_jailbreak/

Android hackers mull rooted mobe app marketplace

Android hackers are discussing the creation of a specialist app store, listing software for rooted handsets and other things that even Google won’t allow.

Google is the limp-wristed liberal of certification authorities, allowing just about anything into its Android Marketplace. But it’s that “just about” that has annoyed some folks in the CyanogenMod ROM team, who have started a discussion about hosting their own application store to fund the development of their alternative Android build.

Android applications aren’t nearly as restricted as their iOS contemporaries, but there are still some things they can’t do. Notably they can’t grab a screenshot, something that prompts tech journalists (among others) to immediately “root” their handsets, that is, to obtain superuser access on the device. Applications running on a rooted Android handset can be granted access to resources that are otherwise unavailable to them.

Some Android users also want to strip out interface shells or spyware dropped in by the manufacturers and/or network operators. That means wiping out the entire installation and replacing it with an unmodified version of Android, with CyanogenMod being the most popular of such versions.

CyanogenMod is perfectly legitimate: Android is an open-source OS so one is allowed to compile one’s own instance. Google also turns a blind eye to the inclusion of Android Marketplace and other Google apps with the CyanogenMod distribution, though device manufacturers pay for such niceties.

Not that they have to pay: there are other application stores available, and competition is increasing. In the USA Amazon is challenging the pricing model for applications, while GetJar is aggressively pricing applications to encourage use of its store: Sega’s ChuChu Rocket will cost you 69 pence from the Android Marketplace, but is legitimately free from GetJar (and well worth either price).

The original alternative Slide Me is still around, and these days users can even take their chances with the entirely-illegal App Planet, which manages to create a copy of the Android Marketplace only stocked with pirate and cracked copies of every application.

A CyanogenMod app store would focus on applications requiring root access, such as screen grabbers and the like, though it’s worth noting there’s a fair number of those already in the Android Marketplace. The new alternative would also host platform emulators, such as games consoles, but not the games as that would definitely be illegal.

CyanogenMod reckons it has a million users these days, and is having a hard time funding the servers needed to manage and expand that user base. Android was always envisioned as supporting specialist application stores for different groups of users, so it will be interesting to see if this can be made to pay off. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/23/android_marketplace/

Mozilla pushes browser-based alternative to passwords

Mozilla is promoting a browser-based alternative to usernames and passwords for website logins.

BrowserID offers a decentralised system for user identification and authentication along the same lines as OpenID. To use BrowserID, users first have to create an account with Mozilla. After that they can sign in to websites that support BrowserID simply by entering their email address.

Developers can add support for the technology by linking a JavaScript library, hooking into its JavaScript API and calling a verification service, as explained in a blog post by Mozilla here.
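The verification-service step is where a relying site can go wrong, so here is the server-side decision a site would make once the verifier has answered. This is an added example, not Mozilla’s code and not taken from the blog post; the response field names (status, email, audience, expires, issuer) are assumed from the BrowserID verifier format as the example’s author understands it and should be checked against the live documentation, and the audience, email addresses and timestamps are constructed. The point it demonstrates is that a relying party must check the audience against its own origin and the expiry against its own clock, not merely that the status says “okay”.

```python
"""Relying-party handling of a BrowserID verifier response (added example).

Field names are assumed from the BrowserID verifier format; check them
against the service you actually call.
"""
import json

OKAY = "okay"


class AssertionRejected(Exception):
    """The verifier response must not be used to establish a session."""


def check_verifier_response(body, expected_audience, now_ms):
    """Return the verified e-mail address or raise AssertionRejected.

    body:              raw JSON the verifier returned after we POSTed it the
                       assertion together with *our* audience (scheme://host[:port])
    expected_audience: the origin this site believes it is serving
    now_ms:            current time in milliseconds since the epoch (the
                       verifier's 'expires' is assumed to use the same unit)
    """
    try:
        data = json.loads(body)
    except ValueError as exc:
        raise AssertionRejected(f"verifier returned non-JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise AssertionRejected("verifier returned non-object JSON")

    if data.get("status") != OKAY:
        raise AssertionRejected(
            f"status={data.get('status')!r} reason={data.get('reason')!r}")

    # Audience binding: an assertion the user produced for some other site
    # must not log them in here, even if it is otherwise valid and unexpired.
    if data.get("audience") != expected_audience:
        raise AssertionRejected(f"audience mismatch: {data.get('audience')!r}")

    expires = data.get("expires")
    if not isinstance(expires, int) or expires <= now_ms:
        raise AssertionRejected("assertion expired or has no expiry")

    email = data.get("email")
    if not isinstance(email, str) or "@" not in email:
        raise AssertionRejected("no verified e-mail in response")

    # Normalise before using the address as an account key.
    return email.strip().lower()


def login_decision(body, expected_audience, now_ms):
    """Return (accepted, detail) instead of raising; detail is the e-mail or reason."""
    try:
        return True, check_verifier_response(body, expected_audience, now_ms)
    except AssertionRejected as exc:
        return False, str(exc)


# Constructed verifier responses (not captured from any real service).
AUDIENCE = "https://rp.example"
NOW_MS = 1_327_000_000_000  # arbitrary instant, milliseconds since the epoch
GOOD = json.dumps({"status": "okay", "email": "Alice@example.com",
                   "audience": AUDIENCE, "expires": NOW_MS + 120_000,
                   "issuer": "browserid.org"})
WRONG_AUDIENCE = json.dumps({"status": "okay", "email": "alice@example.com",
                             "audience": "https://other.example",
                             "expires": NOW_MS + 120_000, "issuer": "browserid.org"})
EXPIRED = json.dumps({"status": "okay", "email": "alice@example.com",
                      "audience": AUDIENCE, "expires": NOW_MS - 1,
                      "issuer": "browserid.org"})
FAILED = json.dumps({"status": "failure", "reason": "bad signature"})


def run_samples():
    """Run the four constructed cases and return name -> (accepted, detail)."""
    cases = (("good", GOOD), ("wrong_audience", WRONG_AUDIENCE),
             ("expired", EXPIRED), ("failed", FAILED))
    return {name: login_decision(body, AUDIENCE, NOW_MS) for name, body in cases}


if __name__ == "__main__":
    for name, (ok, detail) in run_samples().items():
        print(f"{name:15} {'LOGIN' if ok else 'reject'}  {detail}")
```

Only the “good” case establishes a session; the wrong-audience case is the one that a naive check of `status == "okay"` would let through, which is exactly the replay an attacker would attempt with an assertion harvested from a site they control.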

The technology competes with OpenID and with the federated-login schemes already offered by prominent sites such as Twitter and Facebook. Mozilla is pushing BrowserID as a more secure and privacy-sensitive method than its competitors.

BrowserID was first released by Mozilla back in July 2011 as a prototype. Mozilla only finished deploying the technology across its own sites earlier this month.

In a blog post, Mozilla’s identity-tech chief Ben Adida signalled plans to push for a wider public release this year and opened a consultation programme. Mozilla is keen to nip any potential concerns about user tracking and online privacy in the bud.

Adida’s blog post on “new user-centric services” also trails plans for Mozilla to introduce a mobile web-based operating system (codenamed B2G) and an app store later this year. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/20/browserid/

Feds cuff coder accused of US bank source code swipe

A computer programmer has been charged with stealing source code worth $9.5m from the Federal Reserve Bank of New York, according to the FBI and prosecutors.

Bo Zhang, a 32-year-old from Queens in New York, was cuffed on suspicion of swiping the Government-wide Accounting and Reporting (GWA) software, used to help keep track of the US government’s finances.

“Among other things, the GWA handles ledger accounting for each appropriation, fund, and receipt within the Department of the Treasury, and provides federal agencies with an account statement – similar to bank statements provided to bank customers – of the agencies’ account balances with the United States Treasury,” the US attorney’s office for the Southern District of New York said in an official statement.

Zhang was hired as a contractor to work on the code where it’s held in an access-controlled electronic repository in New York. During last summer he allegedly stole the GWA code, which has so far cost the US $9.5m to develop.

“According to the complaint, Zhang admitted that in July 2011, while working at the Fed, he checked out and copied the GWA code onto his hard drive at the Fed; he subsequently copied the GWA code onto a Fed-owned external hard drive; and he connected that external hard drive to his private office computer, his home computer, and his laptop,” the US attorney’s office added.

“Zhang stated that he used the GWA Code in connection with a private business he ran training individuals in computer programming.”

Despite Zhang’s rather innocuous purported use for the code, he was arrested by the FBI on Wednesday morning and now faces up to ten years in prison and fines of up to $250,000.

“Zhang took advantage of the access that came with his trusted position to steal highly sensitive proprietary software. His intentions with regard to that software are immaterial. Stealing it and copying it threatened the security of vitally important source code,” FBI assistant director-in-charge Janice K Fedarcyk said.

A New York Fed spokesperson told Reuters and others that the bank had investigated the breach as soon as it was uncovered and promptly referred the case to the authorities.

“The New York Fed has further strengthened its already considerable protections as a result of this incident,” the spokesman said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/19/feds_arrest_programmer_for_software_theft/

Careless care charity loses unencrypted patient data stick

A care provider with offices in the Isle of Man and Northern Ireland has committed to improving its data protection standards after losing a memory stick containing unencrypted patient data.

The charity, Praxis Care, lost the memory stick in August 2011.

The device held personal information relating to 107 Isle of Man residents and 53 individuals from Northern Ireland, which in some cases related to their mental health and care. It has not been recovered, according to the Information Commissioner’s Office (ICO).

The organisation has now undertaken to make sure that all portable devices that hold personal data are encrypted and any personal information that it no longer needs will be disposed of securely in line with its updated data security guidance, the ICO said.

Praxis Care – which looks after adults and children with learning disabilities, mental ill health and similar difficulties – said that it would improve its data protection after a joint ruling by the ICO and the Office of the Data Protection Supervisor for the Isle of Man.

Christopher Graham, the information commissioner, said: “Carrying people’s personal information around on an unencrypted memory stick is clearly unacceptable. The fact that some of the personal details stored on the device were out of date and so surplus to requirements makes this breach all the more concerning.

“The ICO will continue to work closely with other data protection regulators where it is clear that a data breach extends across national boundaries.”

This article was originally published at Guardian Government Computing.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/19/care_provider_data_protection/

Facebook, experts spar over Ramnit worm contagion

Facebook has downplayed the significance of Ramnit, a recently discovered worm that attempts to steal login credentials for the social networking site.

It said an adapted version of the bank account-raiding virus is not actually spreading through the site itself. However Seculert, the security biz that discovered a Ramnit command-and-control server earlier this month, maintains that the malware is spreading on Facebook via links to websites that exploit security holes to infect machines.

Seculert’s claim is contrary to Facebook’s insistence that it is free of Ramnit-related malicious spam:

Recently, Facebook Security has become aware of a variant of the Ramnit virus that injects malicious HTML into the Facebook login page. We have spent time investigating the malware and have not seen any capability, thus far, for the virus to spam and propagate via Facebook.

Additionally, we have built robust internal systems that validate every single login to our site, regardless if the password is correct or not, to check for malicious activity. By analyzing every single login to the site we have added a layer of security that protects our users from threats both known and unknown. Beyond our engineering teams that build tools to block malware we also have a dedicated enforcement team that seeks to identify those responsible for threats and works with our legal team to ensure appropriate consequences follow.

People can protect themselves by never clicking on strange links and reporting any suspicious activity they encounter on Facebook. We encourage our users to become fans of the Facebook Security Page (www.facebook.com/security) for additional security information.

Aviv Raff, CTO at Seculert, took issue with aspects of Facebook’s statement while endorsing its more general security advice.

“We’ve never said or written that the malware injects HTML on Facebook pages. We did say however that it steals information, [primarily] Facebook login credentials (but not only Facebook),” Raff told El Reg.

“There is no reason for the Ramnit authors to have the malware stealing specifically Facebook login credentials beside using those stolen credentials to spread their own malware, or selling them to others who will do the same.”

“I agree with the suggestion for their users. People should be careful clicking on links, even if they are part of a status of their Facebook friends. This is the same with links in emails (even if the email is coming from someone you know),” he added.

Raff stood by his earlier theory that Ramnit is spreading by using stolen account credentials to post malicious links on Facebook.

“Yes, we still suspect that the attackers behind Ramnit used those credentials to spread the malware via malicious links,” Raff said.

“The malware is still being used to steal Facebook credentials from its victims, so Facebook staff and users should keep an eye for such links,” he concluded.

Dammit Ramnit

Ramnit started as a file infector worm that stole FTP credentials and browser cookies, first appearing online around April 2010. Variants of the malware accounted for 17.3 per cent of all new malicious software infections by July 2011, according to Symantec.

Bank account credential stealing capabilities, lifted from the source leak of the even more infamous ZeuS cybercrime toolkit, were added last summer. The addition of Facebook sniffing capabilities represents the latest innovation.

“The malware steals information from the victim. Any form the user enters (e.g. login to Facebook or a bank, sending email via webmail, etc.) is sent to the Ramnit CC [command and control] server,” Raff explained.

This CC server parses information and extracts the Facebook credentials, and puts it in a file called facebook_accounts.txt (as explained in a blog post by Seculert here).

Seculert passed on the 45,000 passwords and associated email addresses it recovered from a Ramnit CC server to Facebook. Most of these account login credentials covered UK and French users. Facebook, as previously reported, said the “majority of the information was out of date” while promising to initiate remedial steps to restore potentially compromised accounts. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/19/ramnit_re_visited/

Japanese cops cuff six smut-scam ransomware suspects

Japanese police have arrested six suspected cyber-crooks over a one-click billing fraud scam that allegedly targeted sweaty smut surfers.

The Kyoto-based gang allegedly used malware to run a billing fraud against victims, netting them JPY12,000,000 (about $148,800 or £96,000) in the process.

The suspected cyber-criminals are accused of crafting a devious strain of malware and embedding it into grumble-flick websites. Upon visiting said saucy sites, punters who clicked on the ‘play’ button to watch a video ended up executing a file that locks up their machine. Victims are told to either pay up to unfreeze their computer or weep over their almost unusable machine.

Rik Ferguson, a security consultant at Trend Micro, told El Reg: “It’s not credit card fraud as such, more akin to billing fraud or ransomware. The website visitors are fooled into installing an executable on their system. This then demands payment for the service, the window cannot be closed or moved and continues after a reboot.”

There are 118 confirmed sites related to the one-click billing fraud, a type of scam that is prevalent in, and more or less restricted to, Japan. Net security firm Trend Micro worked with the Kyoto plod, analysing the malware used as an integral part of the scam. Trend reports a four-fold increase in the con over the last 12 months alone.

Trend has published a blog post on the arrests, which discusses the wider problem of one-click billing fraud in Japan, here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/19/japanese_cops_cuff_smut_trojan_suspects/

Spam-squirting hole found in McAfee antivirus kit

McAfee is promising to patch a vulnerability in its hosted anti-malware service after it found a flaw that allowed systems where the product was installed to be turned into potential spam-relay nodes.

SaaS for Total Protection, the vulnerable software, will be patched on “January 18 or 19, as soon as we have finished testing”, McAfee promised in a blog post published on Wednesday.

Two security issues in the SaaS for Total Protection product have cropped up over recent days. The first security scare involves the possibility that an attacker might misuse an ActiveX control to execute code. The second abuses McAfee’s “Rumor” update-distribution technology to turn machines running the SaaS for Total Protection client into spam-spewing open relays.

The spam-relay problem resulted in genuine inconvenience for some McAfee customers, whose email was blocked after their IP addresses appeared on blacklists, prompting complaints to McAfee’s forums and blog posts on the issue (here and here).

McAfee said the first bug is already blocked by a patch it released to address a similar problem last August. However the second spam-relaying bug still needs some attention, hence the plan to release a server-side patch this week. Since SaaS for Total Protection is a managed product, customers will not be obliged to update their software themselves.

In its blog post, the security giant said that neither of the two security issues placed customer data at any risk of exposure. Its notice explains the impact of the spam-relay flaw, which has been actively abused by spammers.

“The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them,” it said. “Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine. The forthcoming patch will close this relay capability.”

McAfee says both the issues are restricted to SaaS for Total Protection and don’t affect any of its other products.

Old-school spammers used to scan the net for open relays through which they could send junk mail, before botnets became the preferred delivery mechanism around ten years ago. Using zombie drones to spew spam is much easier for crooks because of the large number of tools that have been developed to automate the process. These tools send junk mail out in bursts through many different machines rather than through the same open relay, a tactic that runs rings around less sophisticated, source-based spam-filtering techniques.
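The condition described above (a host that accepts mail from an outside sender to an outside recipient) is something an administrator can test for directly, and it is the check that would have caught the relaying before the blacklists did. The following is an added example written for this page, not McAfee’s code and not drawn from the article; it drives the SMTP dialogue only as far as RCPT TO, so no message is ever submitted, and the server replies, host names and addresses are constructed. The `SocketConn` transport is included so the same probe can be pointed at a mail server you own.

```python
"""Minimal SMTP open-relay probe (added example; not McAfee's code).

relay_test() speaks the client side of SMTP up to RCPT TO and reports whether
the server accepts a recipient in a domain it has no business delivering to.
"""
import socket


class ScriptedConn:
    """Constructed stand-in for a connection: replays canned server replies.

    Each entry is one complete reply, possibly multi-line ("250-...\r\n250 ...").
    """

    def __init__(self, replies):
        self._replies = list(replies)
        self.sent = []  # every line the client wrote, for inspection

    def send_line(self, line):
        self.sent.append(line)

    def recv_reply(self):
        return self._replies.pop(0)

    def close(self):
        pass


class SocketConn:
    """Real TCP transport with the same interface. Use only against hosts you own."""

    def __init__(self, host, port=25, timeout=10):
        self._sock = socket.create_connection((host, port), timeout=timeout)
        self._rfile = self._sock.makefile("rb")

    def send_line(self, line):
        self._sock.sendall((line + "\r\n").encode("ascii"))

    def recv_reply(self):
        # A reply is one or more lines; continuation lines have '-' after the code.
        lines = []
        while True:
            raw = self._rfile.readline()
            if not raw:
                raise ConnectionError("server closed the connection")
            text = raw.decode("ascii", "replace").rstrip("\r\n")
            lines.append(text)
            if len(text) < 4 or text[3] != "-":
                return "\r\n".join(lines)

    def close(self):
        self._rfile.close()
        self._sock.close()


def _code(reply):
    """Three-digit status code of a reply, or 0 if the reply is malformed."""
    try:
        return int(reply[:3])
    except ValueError:
        return 0


def _cmd(conn, transcript, line):
    conn.send_line(line)
    transcript.append("C: " + line)
    reply = conn.recv_reply()
    transcript.append("S: " + reply)
    return _code(reply), reply


def relay_test(conn, probe_sender, probe_rcpt, helo_name="relaytest.example"):
    """Return {'open_relay', 'inconclusive', 'reason', 'transcript'}.

    open_relay is True only when a foreign sender -> foreign recipient pair is
    accepted with a 2xx at RCPT TO. A 4xx (greylisting etc.) is inconclusive.
    """
    transcript = []
    result = {"open_relay": False, "inconclusive": False, "reason": "",
              "transcript": transcript}
    try:
        banner = conn.recv_reply()
        transcript.append("S: " + banner)
        if _code(banner) != 220:
            result["reason"] = "no 220 banner"
            return result
        code, _ = _cmd(conn, transcript, f"EHLO {helo_name}")
        if code != 250:
            result["reason"] = "EHLO refused"
            return result
        code, reply = _cmd(conn, transcript, f"MAIL FROM:<{probe_sender}>")
        if code != 250:
            result["reason"] = "foreign sender refused: " + reply
            return result
        code, reply = _cmd(conn, transcript, f"RCPT TO:<{probe_rcpt}>")
        result["open_relay"] = 200 <= code < 300
        result["inconclusive"] = 400 <= code < 500
        result["reason"] = reply
        return result
    finally:
        try:  # abandon the transaction politely; teardown errors are irrelevant
            _cmd(conn, transcript, "RSET")
            _cmd(conn, transcript, "QUIT")
        except Exception:
            pass
        conn.close()


# Constructed server replies for the two cases (made up for this example).
OPEN_RELAY_REPLIES = [
    "220 mail.example ESMTP",
    "250-mail.example\r\n250-SIZE 10240000\r\n250 8BITMIME",
    "250 2.1.0 Ok",
    "250 2.1.5 Ok",  # accepts a recipient it does not host: this is the flaw
    "250 2.0.0 Ok",
    "221 2.0.0 Bye",
]
CLOSED_RELAY_REPLIES = [
    "220 mail.example ESMTP",
    "250-mail.example\r\n250 8BITMIME",
    "250 2.1.0 Ok",
    "554 5.7.1 <victim@elsewhere.example>: Relay access denied",
    "250 2.0.0 Ok",
    "221 2.0.0 Bye",
]


def run_samples():
    """Probe both constructed servers and return name -> result dict."""
    sender, rcpt = "probe@relaytest.example", "victim@elsewhere.example"
    return {
        "open": relay_test(ScriptedConn(OPEN_RELAY_REPLIES), sender, rcpt),
        "closed": relay_test(ScriptedConn(CLOSED_RELAY_REPLIES), sender, rcpt),
    }


if __name__ == "__main__":
    for name, res in run_samples().items():
        verdict = "OPEN RELAY" if res["open_relay"] else "not relaying"
        print(f"{name}: {verdict} - {res['reason']}")
    # Against a real host you administer: relay_test(SocketConn("mx.internal.example"), ...)
```

Run against your own MTA from an address outside its networks: a 2xx at RCPT TO for a recipient you do not host is the condition that lands the sending IP on blacklists; a 5xx such as “Relay access denied” is the answer you want.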

Perhaps recent botnet takedowns have prompted spammers to return to older techniques, but our guess is that the McAfee spam relay flaw is something of a one-off, opportunistically seized upon and exploited by a small number of spammers. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/19/mcafee_spam_relay_patch/

Modeling-clay iPads foisted on unwary Canucks

Canadian scammers are buying iPad 2s, replacing them in their original packaging with ZipLoc bags filled with modeling clay, “professionally shrink-wrapping” the boxes, then returning them for refunds, absconding with the precious fondleslabs.

The precisely weighted, shrinkwrapped packages containing the clay-filled bags are then resold by unwitting stores to unwitting customers such as scam victim Mark Sandhu, who bought what he thought was an iPad 2 as a Christmas gift for his wife.

“$695 worth of clay, that’s what we have,” Sandhu told Canada’s CTV consumer reporter Lynda Steele, who broke the story.

Clay in ZipLoc bag masquerading as an iPad 2

At first, Sandhu’s wife thought the clay was a protective wrapper around the iPad – then she picked it up

At first, Steele thought that only Vancouver’s Best Buy and Future Shop had been hit by the modelling-clay scammers, who pay in cash and receive cash refunds. But further investigation has turned up clay-filled iPad boxes at local Wal-Mart and London Drugs stores, as well.

So far, the investigation has turned up 10 clay-filled iPad boxes sold by Best Buy and Future Shop, another 10 by Wal-Mart, and four by London Drugs.

If you’re an enterprising, larcenous Canadian who might want to get in on the action, before you go out and buy a can or three of Play-Doh, know that Best Buy, Future Shop, and London Drugs have changed their return policies as a result of the scam, and now open any returned, shrinkwrapped package in the presence of the returner. Wal-Mart, however, has not.


Android-tablet fanciers might aver that a modeling-clay iPad is as functional as the real Cupertinian fondleslab

Apple Canada is working with the affected retailers in the investigation, but – as is its custom – remains mum. As spokeswoman Tara Hendela told Steele, “I don’t have an official comment for you for your story, other than to say that we have nothing to add to your story.”

Steele, however, had one comment to add. “This is one of the weirdest stories that I can honestly say I’ve ever investigated,” she said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/19/modeling_clay_ipads/

Alleged Muscovite cybercrime daddy hauled in to face US court

A suspected Russian cyber-crook has arrived in the US to face charges of securities fraud, computer hacking and ID theft following his deportation from Switzerland.

Vladimir Zdorovenin, 54, of Moscow, Russia, is alleged to have masterminded a series of credit card theft and stock manipulation scams in conjunction with his son, Kirill Zdorovenin, who has not been apprehended.

Both were charged in May 2007, long before Zdorovenin senior was cuffed in Zurich last March. He was deported this week just before a scheduled appearance at a Manhattan federal court on Tuesday.

According to the FBI, the duo’s stock in trade allegedly involved hacking into computers to steal credit card details and brokerage account log-ins. The pair would then allegedly run a series of complicated frauds netting hundreds of thousands of dollars. The FBI said that compromised credit card details – lifted using malware – were used to make fictitious purchases from shell companies allegedly established by the suspects, while compromised brokerage accounts were used to buy shares held by the pair at artificially inflated prices.

The father-and-son suspects are accused of frauds which targeted US consumers and ran during 2004 and 2005, according to an FBI statement on the case.

FBI assistant director Janice K Fedarcyk explains in the statement: “Zdorovenin’s egregious behavior illustrated the true colors of the cyber underground, as he and his son allegedly defrauded consumers of hundreds of thousands of dollars using methods that included compromised credit cards, all fronted through fictitious companies they had created. In addition, Zdorovenin allegedly installed malware to access victims’ brokerage accounts, trading victims’ securities and manipulating the price of stocks Zdorovenin already owned.

“This should serve as a stark reminder to anyone who believes he can commit cyber crime and hide behind the safety and anonymity of a Russian IP address; you are not beyond the reach of the FBI,” she added.

The Russian constitution specifically prohibits the extradition of its citizens, so it is fortunate for the US authorities investigating the case that Zdorovenin strayed into Switzerland. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/18/russian_cybercrime_suspect_deported/